def test_oliver_bug(db): clause = { "clause": [ { "effect": "allow", "object": ["organization/*"], "action": ["organization.*"] }, { "effect": "allow", "object": ["project/*/*"], "action": ["project.*.*"] } ] } policy = Policy.objects.create(name='default', body=json.dumps(clause)) user = UserFactory.create(username='******') user.assign_policies(policy) # The "successful_authenticator" thing here is more or less # equivalent to calling force_authenticate, I think, but it # requires less "real" DRF stuff. req1 = APIRequestFactory().get('/check') req1.user = user req1.successful_authenticator = True req2 = APIRequestFactory().post('/check') req2.user = user req2.successful_authenticator = True org = Organization(pk='TestOrg') proj = Project(pk='TestProj', organization=org) # This works! rsp1 = ProjectUsers().as_view(object=proj)(req1).render() assert rsp1.status_code == 200 # This works too! rsp2 = ProjectUsers().as_view(object=proj)(req2).render() assert rsp2.status_code == 201
def api_post(url, user): req = APIRequestFactory().post(url) req.user = user req.successful_authenticator = True return req